Merge branch 'mc_rocha-add-feature-flag-to-prevent-login' into 'master'

Add a feature flag to control when the login can be prevented See merge request gitlab-org/gitlab!84971

Merge branch 'mc_rocha-add-feature-flag-to-prevent-login' into 'master'
Add a feature flag to control when the login can be prevented See merge request gitlab-org/gitlab!84971
e8bc10b2 · Stan Hu · 07ec7757 · 191e2093 · e8bc10b2 · e8bc10b2
Commit e8bc10b2 authored Apr 12, 2022 by Stan Hu
3 changed files
--- a/config/feature_flags/development/arkose_labs_prevent_login.yml
+++ b/config/feature_flags/development/arkose_labs_prevent_login.yml
+---
+name: arkose_labs_prevent_login
+introduced_by_url:
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/358838
+milestone: '14.10'
+type: development
+group: group::antiabuse
+default_enabled: false
--- a/ee/app/services/arkose/user_verification_service.rb
+++ b/ee/app/services/arkose/user_verification_service.rb
@@ -122,6 +122,8 @@ module Arkose
    end
    def low_risk?(response)
+      return true unless Feature.enabled?(:arkose_labs_prevent_login, default_enabled: :yaml)
      risk_band = risk_band(response)
      risk_band.present? ? risk_band != 'High' : true
    end

--- a/ee/spec/services/arkose/user_verification_service_spec.rb
+++ b/ee/spec/services/arkose/user_verification_service_spec.rb
@@ -21,6 +21,7 @@ RSpec.describe Arkose::UserVerificationService do
      end
    end
+    context 'when feature arkose_labs_prevent_login is enabled' do
      context 'when the user solved the challenge' do
        context 'when the risk score is not high' do
          let(:arkose_ec_response) { Gitlab::Json.parse(File.read(Rails.root.join('ee/spec/fixtures/arkose/successfully_solved_ec_response.json'))) }
@@ -102,6 +103,7 @@ RSpec.describe Arkose::UserVerificationService do
          end
        end
      end
+    end
    context 'when an error occurs during the Arkose request' do
      it 'returns true' do
@@ -109,5 +111,20 @@ RSpec.describe Arkose::UserVerificationService do
        expect(subject).to be_truthy
      end
    end
+    context 'when feature arkose_labs_prevent_login is disabled' do
+      before do
+        stub_feature_flags(arkose_labs_prevent_login: false)
+      end
+      context 'when the risk score is high' do
+        let(:arkose_ec_response) { Gitlab::Json.parse(File.read(Rails.root.join('ee/spec/fixtures/arkose/successfully_solved_ec_response_high_risk.json'))) }
+        it 'returns true' do
+          allow(Gitlab::HTTP).to receive(:perform_request).and_return(response)
+          expect(subject).to be_truthy
+        end
+      end
+    end
  end
 end